Crypto talk at 28C3: Time is on my Side – Exploiting Timing Side Channel Vulnerabilities on the Web, Day 2, 18:30, Saal 2

Side channel attacks are very well known in cryptography. In a nutshell, side channel information (not the ciphertext or the public key) is used to recover a secret. This can be the time it takes for a cryptographic operation, the power consumption of a device, the variations in the electromagnetic field surrounding a device or just the acoustic noise produced by a device. Secure implementations of cryptographic schemes usually implement countermeasures against these kinds of attacks.

In contrast to the cryptography world, side channel attacks are not very well known in the general IT security business. However, side channel attacks can also be used against applications that don’t use cryptography but process any kind of secret data. Examples could be the size of a database, the privileges of a user, or just the length of a stored password. Sebastian Schinzel will present his analysis, as well as general attack techniques that can be used to exploit side channel weaknesses on the web.
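To make the point about application-level secrets concrete, here is an added example (not from the talk or from this post's author) of a login check whose amount of work depends on whether an account exists, next to a hardened version that does the same work on every path. The function names, the user table and the use of a call counter as a deterministic stand-in for response time are all assumptions made for this sketch.

```python
import hashlib
import hmac

# Constructed sample data: the salt, iteration count and account are made up.
SALT = b"constructed-salt"
ITERATIONS = 1000

def _kdf(password, counter):
    """Expensive password hash; counter[0] counts calls as a proxy for time."""
    counter[0] += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, ITERATIONS)

_setup = [0]
USERS = {"alice": _kdf("correct horse", _setup)}
# Hash compared against when the account does not exist, so both paths cost the same.
DUMMY_HASH = _kdf("dummy value, never accepted", _setup)

def login_leaky(user, password, counter):
    """Before: unknown users return without hashing, so they answer faster."""
    stored = USERS.get(user)
    if stored is None:
        return False  # fast path reveals that the account does not exist
    # '==' on bytes may also stop at the first differing byte
    return _kdf(password, counter) == stored

def login_hardened(user, password, counter):
    """After: always hash, always compare in constant time."""
    stored = USERS.get(user)
    candidate = _kdf(password, counter)
    reference = stored if stored is not None else DUMMY_HASH
    matches = hmac.compare_digest(candidate, reference)
    return matches and stored is not None

def kdf_calls(login, user, password):
    """Run one login attempt; return (result, number of expensive KDF calls)."""
    counter = [0]
    result = login(user, password, counter)
    return result, counter[0]

if __name__ == "__main__":
    for fn in (login_leaky, login_hardened):
        for user in ("alice", "nobody"):
            print(fn.__name__, user, kdf_calls(fn, user, "wrong guess"))
```

Both failed logins return the same answer in the leaky version, yet they differ in cost; the hardened version removes that difference, which is what a reviewer should look for in any code path that branches on secret data.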

I think this talk is important because it raises the general awareness of side channel attacks in the general IT security community. Side channel attacks are not solely restricted to cryptographic algorithms and can be used as an effective attack against many more applications.

See the talk, Day 2, 18:30, Saal 2

Author: Erik Tews